To make it easier for PyPI admins & moderators to process account recovery requests, there are a few things we can do to make it possible for any admin/moderator to handle these requests and make it as self-service as possible.
- Exposing the functionality for disabling 2FA in the admin (including issuing User events) so this doesn't require prod DB access
- Codify the initial process of sending an email to initiate the recovery process (as described in #16266, "(admin): Account recovery tooling")
- Summarizing recent actions on the User account and their projects
- Summarizing download counts for the user's project to determine criticality
- Some link to allow the affected user to notify admins that the initial steps have been completed
- Take into account critical projects & maintainers, possibly requiring admin intervention in these cases.
- Notify co-maintainers, publish an event (possibly publicly)
Regardless of improvements, we'll still require that a human in the loop does the final review before resetting access to the account. We'll also need to handle edge cases where a project doesn't have a public source repository.
Open questions:
- Keep the original requests in the GitHub tracker? This helps with associating w/ a GitHub account, but strongly ties us to GitHub
- Possibly explore generating these in PyPI based on a GitHub action in that repository
- Possibly: drop all roles that aren't sole owner, notify co-maintainers that they will need to vet and re-add?
- How do we establish & document a shared understanding of what requires further inspection?
- Should we establish tiers? e.g. Tier 0: you have no projects. Tier 1: you have sole-owned projects that aren't widely used. Tier 2: you are co-maintainer on other projects. Tier 3: You are primary maintainer of a critical project.
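As an illustration of how the tiers above could be turned into a triage step an admin/moderator could run, here is an added example sketch. It is not code from pypi/warehouse: the `ProjectRole` data shape, the role names `"Owner"`/`"Maintainer"`, the `CRITICAL_DOWNLOADS_30D` cut-off, and the `triage` function are all assumptions for illustration. The highest applicable tier wins, co-maintainers on shared projects are collected for notification, and a project without a public source repository is flagged so the request falls back to a human review rather than the self-service path.

```python
"""Triage sketch for a PyPI account-recovery request (added example, not
warehouse code). Tier numbering follows the proposal in the issue; the
download threshold, role names and data shape are assumptions.
"""
from dataclasses import dataclass, field

# Assumed cut-off: a project with at least this many downloads in the last
# 30 days is treated as "critical" / "widely used". The real threshold is an
# open question and would need to be agreed on and documented.
CRITICAL_DOWNLOADS_30D = 1_000_000


@dataclass
class ProjectRole:
    """One (user, project) role as an admin would see it (assumed shape)."""
    name: str
    role: str                  # "Owner" or "Maintainer" (assumed role names)
    collaborators: int         # other users holding any role on the project
    downloads_30d: int
    has_public_repo: bool = True


@dataclass
class Triage:
    tier: int
    needs_admin: bool
    notify: list[str] = field(default_factory=list)  # projects whose co-maintainers get a notice
    flags: list[str] = field(default_factory=list)   # reasons a human must look closer


def triage(roles: list[ProjectRole]) -> Triage:
    """Map a user's project roles to the proposed tiers.

    Tier 0: no projects.
    Tier 1: only sole-owned projects that are not widely used.
    Tier 2: holds a role on at least one project shared with other people.
    Tier 3: owner of a critical (widely used) project.
    The highest tier reached by any single project wins.
    """
    result = Triage(tier=0, needs_admin=False)
    for p in roles:
        critical = p.downloads_30d >= CRITICAL_DOWNLOADS_30D
        shared = p.collaborators > 0

        if p.role == "Owner" and critical:
            level = 3
            result.flags.append(f"{p.name}: owner of critical project")
        elif shared:
            level = 2
        else:
            level = 1
        result.tier = max(result.tier, level)

        # Co-maintainers of any shared project should be told a recovery is
        # in progress, regardless of the tier the project contributes.
        if shared:
            result.notify.append(p.name)

        # Edge case from the issue: no public source repository means the
        # usual "commit to your repo" identity check is unavailable.
        if not p.has_public_repo:
            result.flags.append(f"{p.name}: no public source repository")

    # Self-service only for low tiers with nothing flagged; anything else
    # still gets a human in the loop before access is reset.
    result.needs_admin = result.tier >= 3 or bool(result.flags)
    return result


if __name__ == "__main__":
    # Constructed sample input, not real PyPI data.
    sample = [
        ProjectRole("tinylib", "Owner", collaborators=0, downloads_30d=500),
        ProjectRole("bigframework", "Owner", collaborators=3, downloads_30d=5_000_000),
    ]
    print(triage(sample))
```

The human-in-the-loop requirement from the issue is preserved: the function only ever answers "self-service is acceptable" for tier 0-2 requests with no flags, and an admin still performs the final review before 2FA is reset.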
ref: pypi/support#796